author | Rob Crittenden <rcritten@redhat.com> | 2010-01-27 14:51:53 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-02-03 14:40:57 -0500 |
commit | ececb849d2f3e07c653b53be3902981b8bc48a70 (patch) | |
tree | 9ee89012b821402e6c94bf6fb28e2694bfbf40e0 /selinux | |
parent | e672510c064558b08bd288f590d620dce96a23c5 (diff) | |
Add permissions for named to communicate over ldapi
Diffstat (limited to 'selinux')
-rw-r--r-- | selinux/ipa_httpd/ipa_httpd.te | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te
index e01ca8912..65b161fe5 100644
--- a/selinux/ipa_httpd/ipa_httpd.te
+++ b/selinux/ipa_httpd/ipa_httpd.te
@@ -2,6 +2,7 @@ module ipa_httpd 1.2;
 require {
 type httpd_t;
+ type named_t;
 type initrc_t;
 type var_run_t;
 type krb5kdc_t;
@@ -11,11 +12,13 @@ require {
 class file write;
 }
-# Let Apache and the KDC talk to DS over ldapi
+# Let Apache, bind and the KDC talk to DS over ldapi
 allow httpd_t var_run_t:sock_file write;
 allow httpd_t initrc_t:unix_stream_socket connectto;
 allow krb5kdc_t var_run_t:sock_file write;
 allow krb5kdc_t initrc_t:unix_stream_socket connectto;
+allow named_t var_run_t:sock_file write;
+allow named_t initrc_t:unix_stream_socket connectto;
 # Let Apache access the NSS certificate database so it can issue certs
 # See ipa_httpd.fe for the list of files that are granted write access |
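Review bot: The two new `named_t` rules in the second hunk grant access by generic types, so they cover more than the directory server's ldapi socket: `var_run_t:sock_file write` applies to any socket file carrying the default /var/run label, and `initrc_t:unix_stream_socket connectto` to any daemon still running in the init-script domain. This mirrors the existing httpd_t and krb5kdc_t rules, which suggests the DS has no domain of its own in this policy, but it also means a compromised named would hold those same connection rights. I would record that next to the rules, e.g. `# initrc_t/var_run_t are generic types; narrow these to the DS socket and domain types once the DS is confined`. The named rules also land in a module called ipa_httpd whose version stays at 1.2 (the `module` line is outside both hunks), so consider bumping it in case the module is loaded in upgrade mode, where an unchanged version may not be picked up.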